Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9790

Support for X-Accel-Redirect and X-Sendfile headers for attachment downloads

    Details

    • Type: New Feature
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.0-a1
    • Component/s: Other
    • Labels:
      None
    • Environment:
      nginx 0.7.67

      Description

      nginx doesn't support X-Sendfile, but something similar called X-Accel-Redirect. I believe this feature would be beneficial to nginx users, as the webserver excels at serving static content.

      Altering the X-Sendfile support at lines 458-461 of download/file.php to

                      if (strpos($upload_dir, '/') !== 0 && strpos($upload_dir, '../') === false)
                      {
                              header('X-Accel-Redirect: ' . $filename);
                      }
      

      is all which is required to send the header to nginx for processing. However, nginx will return a 404 as this sends what it calls an "unsafe URI". As an example, when altering download/file.php to match the above, a request for an attachment will return a 404 with the following entry in nginx's error log:
      unsafe URI "./../files/2_d2b0982cf8938dae68840465cf6045da" was detected while reading response header from upstream

      If the path sent to nginx isn't relative, but absolute to phpBB3's root, e.g. files/2_d2b0982cf8938dae68840465cf6045da then nginx will process the request.

        Attachments

          Activity

            People

            • Assignee:
              bantu Andreas Fischer
              Reporter:
              koios koios
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: